<?php
/* Modified */
// Buffer all page output so that setcookie() (called from update_test_auth())
// can still send its Set-Cookie header even when the script has already
// echoed text; without buffering, headers must precede any body output.
ob_start();

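/**
 * Print a human-readable dump of a value inside a <pre> block, followed by a rule.
 *
 * The dump is HTML-escaped before it is echoed, so values that originate from
 * the request (cookies, form fields) are displayed as text and are never
 * interpreted as markup by the browser.
 *
 * @param mixed $var Value to dump with print_r().
 * @return void
 */
function debug($var) {
    // print_r(..., true) returns the dump instead of printing it, so it can be escaped first.
    $dump = print_r($var, true);
    echo "<pre>";
    echo htmlspecialchars($dump, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "</pre><hr />";
}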

// Line counter shared with msg(), which increments it through `global $i`.
$i = 0;

/**
 * Echo one numbered progress line in the form "<n> - <text><br/>".
 *
 * Every call bumps the global counter $i by one before printing it.
 *
 * @param mixed $str Text printed after the counter (echoed as-is, not escaped).
 * @return void
 */
function msg($str) {
    global $i;
    ++$i;
    echo "{$i} - {$str}<br/>";
}

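// NOTE(review): the database credentials are hard-coded in the page; load them
// from configuration kept outside the web root instead.
$conn = mysql_connect("localhost", "wordpress", "1234");
if (!$conn || !mysql_select_db("wordpress_db", $conn)) {
    // Stop here instead of running every later query against a missing connection.
    echo "failed login...db access error";
    exit;
}

$clean = array();
$mysql = array();

$now = time();
// NOTE(review): a fixed, source-embedded salt combined with MD5 makes the
// identifier a deterministic function of the user id; treat it as a lookup key
// only and rely on the random token for authentication.
$salt = 'SHIFLEFT';

$loginLink = '<a href="/cookie/login.php">로그인하러가기</a>';

// The raw cookie dump that used to be printed here is gone: it wrote
// request-controlled cookie values into the page on every request.

// Split the auth cookie ("identifier:token") once; anything that is not
// exactly two alphanumeric parts is treated as "no cookie".
$cookieParts = (isset($_COOKIE['auth']) && is_string($_COOKIE['auth']))
    ? explode(':', $_COOKIE['auth'])
    : array();
$cookieValid = count($cookieParts) === 2
    && ctype_alnum($cookieParts[0])
    && ctype_alnum($cookieParts[1]);

if (isset($_POST['act']) && $_POST['act'] === 'clearCookie') {
    // Logout. The previous code called update_test_auth("admin") here, which
    // rotated that fixed account's token and sent the resulting cookie to
    // whoever submitted the form. Logging out must only end the caller's own
    // session: expire the row named by the presented cookie, then drop the cookie.
    if ($cookieValid) {
        // timeout = 0 makes the "$now > timeout" check fail on the next request.
        mysql_query(
            "UPDATE test_auth SET timeout = '0' WHERE identifier = '"
            . mysql_real_escape_string($cookieParts[0]) . "' AND token = '"
            . mysql_real_escape_string($cookieParts[1]) . "'"
        );
    }
    // Same path and domain as the cookie set by update_test_auth(), so the browser deletes it.
    setcookie('auth', '', $now - 3600, '/cookie/', 'wp.dev.com', false, true);
    echo $loginLink;
    exit;
}

// Read only the two expected fields. extract($_POST) let any posted field name
// overwrite script variables such as $salt, $now or $clean.
$userid = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if (ctype_alnum($userid) && ctype_alnum($password)) {
    // ctype_alnum() already limits $userid to letters and digits; escaping is kept as a second guard.
    $user_db = mysql_query(
        "SELECT * FROM test_auth WHERE userid = '" . mysql_real_escape_string($userid) . "'"
    );
    // A failed query or an unknown user both count as a wrong password.
    $user_info = $user_db ? mysql_fetch_assoc($user_db) : false;

    // NOTE(review): the stored value is compared directly with the submitted
    // password, so test_auth.password appears to hold plaintext — store
    // password_hash() output and check it with password_verify() (TODO confirm schema).
    // Strict comparison: with ==, numeric-looking strings such as "0123" and "123" compare equal.
    if (is_array($user_info) && (string) $user_info['password'] === $password) {
        echo "로그인 성공 - by db";
        update_test_auth($userid);
        echo '<br /><a href="/cookie/index.php">이동</a>';
        exit;
    }

    echo "비번오류..";
    echo '<br />' . $loginLink;
    exit;
}

// No login form was submitted: fall back to the auth cookie.
if ($cookieValid) {
    $clean['identifier'] = $cookieParts[0];
    $clean['token'] = $cookieParts[1];
} else {
    echo 'please login<br />';
    echo '<br />' . $loginLink;
    exit;
}

// Escape the identifier for use inside the quoted SQL literal below.
$mysql['identifier'] = mysql_real_escape_string($clean['identifier']);

$sql = "SELECT * FROM test_auth WHERE identifier = '" . $mysql['identifier'] . "'";

$result = mysql_query($sql);

if (!$result) {
    echo "failed login...db access error";
} elseif (!mysql_num_rows($result)) {
    echo "failed login...not existing identifier";
} else {
    // Fetch the row as an array keyed by column name.
    $record = mysql_fetch_assoc($result);

    // Strict string comparisons: != treats numeric-looking hex strings
    // (for example two values of the form "0e<digits>") as equal.
    // NOTE(review): on PHP 5.6+ prefer hash_equals() for the token check so the
    // comparison time does not depend on how many leading characters match.
    if ($clean['token'] !== (string) $record['token']) {
        // Token differs from the one stored for this identifier.
        echo "failed login...token no match";
    } elseif ($now > (int) $record['timeout']) {
        // The stored timeout has passed.
        echo "failed login...time over";
        echo '<br />' . $loginLink;
        exit;
    } elseif ($clean['identifier'] !== md5($salt . md5($record['userid']) . $salt)) {
        // Identifier does not match the value derived from the row's userid.
        echo "failed login...identifier no match";
    } else {
        echo "로그인성공 - by cache";
    }
}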

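/**
 * Start a fresh cookie session for a user.
 *
 * Writes a new identifier, a new random token and a 60-second timeout to the
 * user's test_auth row, then sends the matching "auth" cookie in the form
 * "identifier:token". No cookie is sent when the row could not be updated or
 * when no secure random source is available.
 *
 * Reads the globals $salt and $now.
 *
 * @param string $userid Value matched against test_auth.userid.
 * @return void
 */
function update_test_auth($userid) {
    global $salt, $now;

    // The token is the only secret in the cookie, so it must be unpredictable.
    // The previous md5(uniqid(rand(). true)) was derived from rand() and the
    // clock, and concatenated "1" onto rand() instead of passing true to uniqid().
    if (function_exists('random_bytes')) {
        $raw = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $raw = openssl_random_pseudo_bytes(16);
    } else {
        $raw = false;
    }
    if ($raw === false || strlen($raw) !== 16) {
        trigger_error('update_test_auth: no secure random source available', E_USER_WARNING);
        return;
    }
    // 32 hex characters: same length and alphabet as the md5() value it replaces.
    $token = bin2hex($raw);

    $identifier = md5($salt . md5($userid) . $salt);
    // One expiry value for both the database row and the cookie. The previous
    // setcookie() call passed an undefined $timeout, so the cookie never
    // carried the 60-second limit stored in the row.
    $expires = (int) $now + 60;

    // $userid is escaped here as well, so the query stays safe even if a
    // caller passes a value that was not validated first.
    $updated = mysql_query("UPDATE test_auth SET
        identifier = '" . $identifier . "'
        , token = '" . $token . "'
        , timeout = '" . $expires . "'
        WHERE userid = '" . mysql_real_escape_string($userid) . "'
    ");

    // Only hand out a cookie for a row that really exists and was updated.
    if (!$updated || mysql_affected_rows() < 1) {
        return;
    }

    // HttpOnly keeps the session cookie out of reach of page scripts.
    // NOTE(review): the secure flag stays false as before; switch it to true
    // once the site is served over HTTPS.
    setcookie('auth', $identifier . ':' . $token, $expires, '/cookie/', 'wp.dev.com', false, true);
}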


?>
<form action="" method="post">
    <input type="hidden" name="act" value="clearCookie" />
    <input type="submit" value="로그아웃"/>
</form>